[cabfpub] Question about CN and SAN encoding

García Jimeno, Oscar o-garcia at izenpe.eus
Wed May 23 06:26:33 MST 2018


Hi, we need to issue a certificate for www.gueñes.eus. According to CABForum requirements, the dnsName, if included in the CN, must match the SAN of the certificate. Our problem is that according to RFC5280 the dnsName in the SAN must be encoded with IA5String, and can't include non-7-bit-ASCII characters (like 'ñ'). If we encode the CN using UTF-8 (www.gueñes.eus) and the SAN using IA5String (www.xn--guees-qta.eus), then tools like zlint or https://misissued.com/batch/1/ don't accept them as valid, because they see them as different names (www.gueñes.eus in CN vs www.xn--guees-qta.eus in SAN). Shall we issue the CN as www.xn--guees-qta.eus like the SAN, or can we have different values between CN and SAN?

Thanks

We are .eus!
That is why my e-mail address is now: o-garcia at izenpe.eus

Oscar García
CISSP, CISM
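
The mismatch described in the message, as an added example that is not part of the original post: it converts the CN to its ASCII form and compares it with the SAN dNSName both literally and after IDNA conversion. The function names are hypothetical, and the use of Python's built-in `idna` codec (IDNA 2003) is an assumption of this example.

```python
# Added example: names are taken from the message; function names are hypothetical.

def is_ia5(value: str) -> bool:
    """IA5String holds only 7-bit characters, so 'ñ' cannot appear in it."""
    return all(ord(ch) < 128 for ch in value)

def to_a_label(name: str) -> str:
    """Convert a DNS name to its ASCII (xn--) form.

    Assumption: Python's built-in "idna" codec (IDNA 2003) is acceptable
    here; an issuance pipeline may need IDNA 2008 processing instead.
    """
    return name.rstrip(".").encode("idna").decode("ascii").lower()

def to_u_label(name: str) -> str:
    """Convert an ASCII (xn--) name back to its Unicode form for display."""
    return name.encode("ascii").decode("idna")

def compare_cn_to_san(cn: str, san_dns_names: list[str]) -> dict:
    """Compare CN against SAN dNSName values literally and after IDNA conversion."""
    san_ascii = {to_a_label(n) for n in san_dns_names}
    return {
        "san_is_ia5": all(is_ia5(n) for n in san_dns_names),
        "literal_match": cn in san_dns_names,      # plain string comparison
        "idna_match": to_a_label(cn) in san_ascii,  # same name once both are ASCII
        "cn_as_a_label": to_a_label(cn),
    }

if __name__ == "__main__":
    san = ["www.xn--guees-qta.eus"]  # SAN value from the message
    for cn in ("www.gueñes.eus", "www.xn--guees-qta.eus"):
        print(cn, compare_cn_to_san(cn, san))
```

With the UTF-8 CN the literal comparison fails while the IDNA comparison succeeds; with the `xn--` CN both succeed.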
